Security and compliance

Your data is our business so we take every step to safeguard it. Automated controls ensure your data remains protected.
OUR APPROACH

Security in our DNA

Systems
We build and maintain automated security solutions through a mix of proprietary and best in breed solutions.
People
We select for and cultivate a culture of security awareness, placing the utmost emphasis on data security and privacy.
Iteration
We challenge assumptions about security and compliance best practices, pushing for optimal over sufficient.
Compliance

Audited and certified

Fathom retained a leading Certified Public Accounting firm based on their world-class team of auditors and information security experts to conduct a thorough audit to verify Fathom's HIPAA and SOC 2 Type 2 compliance.
HIPAA
HIPAA Compliance audits are designed to assess an organization’s risk management and regulatory compliance effectiveness. This includes the evaluation of the administrative, physical, and technical safeguards as they relate to the electronic protected health information (ePHI) an organization creates, receives, processes, maintains, and/or transmits; as well as the evaluation of the organization’s policies, procedures, and overall readiness to manage a breach of protected health information (PHI) in accordance with the notification requirements.
SOC 2 Type 2
Developed by the AICPA, SOC 2 is specifically designed for service providers storing customer data in the cloud.SOC 2 requires companies to establish and follow strict information security policies and procedures, encompassing the security, availability, processing, integrity, and confidentiality of customer data. SOC 2 ensures that a company’s information security measures are in line with the unique parameters of today’s cloud requirements.
POLICY AND PROCEDURES

A holistic approach to ensuring security of your data

Fathom's systems drive excellence in security and compliance across all aspects of the organization.
Application security
Infrastructure security
Business continuity
Incident management
Data privacy and management
Threat and vulnerability management
Disaster recovery
Access management
Incident management
Workforce training

How to report security vulnerabilities to Fathom

We welcome reports from security researchers and experts about possible security vulnerabilities within our system. We are particularly interested in hearing about vulnerabilities that impact the confidentiality or integrity of protected health information, and have the potential to impact a large number of people.

If you believe you have discovered a possible security vulnerability, please file a report with our security team including information and detailed instructions about how to reproduce the issue. You can file your report by sending an email to security@fathomhealth.com.